Last active
March 20, 2019 12:09
-
-
Save wknapik/752e32ed143e9bdaeef596461d768186 to your computer and use it in GitHub Desktop.
Delete aws secretsmanager secrets by name prefix (ansible, bash)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - set_fact: | |
| prefix: foo/bar | |
| - name: delete aws secretsmanager secrets by name prefix | |
| shell: | | |
| set -eo pipefail | |
| shopt -s inherit_errexit 2>/dev/null || true | |
| declare -a opt page_secrets secrets | |
| while [[ "$next_token" != null ]]; do | |
| read -ra opt <<<"${next_token:+--next-token "$next_token"}" | |
| page="$(aws secretsmanager list-secrets \ | |
| --query '[SecretList[?starts_with(Name, `{{ prefix|quote }}`)].Name,NextToken]' \ | |
| "${opt[@]}")" | |
| read -ra page_secrets <<<"$(jq -r '.[0]|join("\t")' <<<"$page")" | |
| secrets+=("${page_secrets[@]}") | |
| next_token="$(jq -r '.[1]' <<<"$page")" | |
| sleep 1 | |
| done | |
| for secret in "${secrets[@]}"; do | |
| aws secretsmanager delete-secret --secret-id "$secret" --recovery-window-in-days 7 | |
| done | |
| args: | |
| executable: bash | |
| register: foo | |
| changed_when: '"DeletionDate" in foo.stdout' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yeah, it's pretty terrible ;]
Requires bash and jq.
Use at your own risk.
ansible/ansible#40093